#VU76553 Improper export of android application components in Samsung Mobile Firmware - CVE-2023-21486
Published: May 26, 2023
Vulnerability identifier: #VU76553
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-21486
CWE-ID: CWE-926
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Samsung Mobile Firmware
Samsung Mobile Firmware
Software vendor:
Samsung
Samsung
Description
The vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to improper export of android application components in ImagePreviewActivity in Call Settings. An attacker with physical access to device can obtain certain media data stored in sandbox.
Remediation
Install updates from vendor's website.